i need help on elitebar ... and more spyware i guess...

We have guidelines about posting HJT log that must be followed.

NOTE: You should read the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File >

Do not post a HijackThis log until we ask you to and when we do it must be text document attachment to your message.

I changed your inline log to an attachment but please remember next time only post one when we request it and it must be an attachment.

Make sure you still have System Restore disabled: http://forums.majorgeeks.com/showthread.php?t=31668
Don't reboot when asked well do that later when we go to safe mode.
Click Start, and then click Run. (The Run dialog box appears.)
Type, or copy and paste, the following text (include the quotes):
regsvr32 /u "C:\WINDOWS\EliteBar\EliteBar version 50.dll"
then click OK. If a dialog box confirming this action appears, click OK.
Let me know if that works okay.
Enable viewing of hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650
Make sure you know how to boot in safe mode (but don't do it yet):
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam
Bring up Task Manager by hitting CTRL-ALT-DEL and select Processes. You for the following processes and if found, end them:
winsysengine.exe
winrrn32.exe
MStli32.exe
Then exit Task Manager.
You should print these instructions now or save locally to a file because in the next step you MUST exit all browser sessions.
Run HijackThis and put check marks on the following lines BUT DO NOT CLICK FIX until you have terminated all browser sessions including the one you are reading this message in (do not open a browser again until told):
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\EliteBar version 50.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\EliteBar version 50.dll
O4 - HKLM\..\Run: [blah service] winsysengine.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winrrn32.exe
O4 - HKLM\..\RunServices: [blah service] winsysengine.exe
O4 - HKCU\..\Run: [Video Process] MStli32.exe
O16 - DPF: v2cab - http://install.searchmiracle.com/cab/v2cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...bd8a1c841fba8d8

Did you put the below restriction in place? If not, fix this line too.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
After fixing those lines immediately reboot into safe mode.
Now use Windows Explorer to find and delete:
C:\EliteBar <---- delete the whole directory and all its contents
C:\WINDOWS\System32\winsysengine.exe
C:\windows\system32\winrrn32.exe
C:\WINDOWS\System32\MStli32.exe (this may be in another directory, you may have to use Windows search to find it)
If you have problems deleting any of those file, run Task Manager again and see if the one you are having a problem with is running again. If so, end it. Then try deleting it again. Let me know if you have any problems getting all of these deleted.
Reset your homepage to whatever you like
- Close all Internet Explorer windows (if you opened any)
- Open Control Panel. Click Start>Settings>Control Panel.
- Double-click the Internet Options icon.
- In the Internet Properties window, click the General tab and enter in the homepage URL you want
- Under the "Temporary Internet Files" section click on Delete Files, then check the box for "delete all offline content" and Click Ok. Once the Temporary Internet Files have been deleted (it may take a few minutes), Click OK and close Internet Options and then close the Control Panel.

Now reboot in normal mode an tell me how things are working. Post another HJT log attachment.
If everything is fixed, enable system restore.

NOTE: You really need to visit Windows update. You do not even have WinXP SP1 yet (and WinXP SP2 is out) and your Internet Explorer is out of date too.

 

You're welcome. And did you take a look at a new HJT log to make sure everything we tried to fix is actually gone.